Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2022-28094 |
|
Cross-Site Scripting (XSS) in online-sports-complex-booking-system-project (CVE-2022-28094)
cross-site scripting in online-sports-complex-booking-system-project (CVE-2022-28094). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-28093 |
|
Vulnerability in online-sports-complex-booking-system-project (CVE-2022-28093)
vulnerability in online-sports-complex-booking-system-project (CVE-2022-28093). Successful exploitation can lead to full system takeover.
|
| CVE-2022-29533 |
|
Cross-Site Scripting (XSS) in misp-project (CVE-2022-29533)
cross-site scripting in misp-project (CVE-2022-29533). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-29532 |
|
Cross-Site Scripting (XSS) in misp-project (CVE-2022-29532)
cross-site scripting in misp-project (CVE-2022-29532). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-29534 |
|
Authentication Bypass in misp-project (CVE-2022-29534)
authentication bypass in misp-project (CVE-2022-29534). Data can be tampered with by attackers.
|
| CVE-2021-37291 |
|
SQL Injection in sqli (CVE-2021-37291)
SQL injection in sqli (CVE-2021-37291). Successful exploitation can lead to full system takeover.
|
| CVE-2021-37293 |
|
Path Traversal in path-traversal (CVE-2021-37293)
path traversal in path-traversal (CVE-2021-37293). Confidential information can be exposed externally.
|
| CVE-2022-26607 |
|
Unrestricted File Upload in baigo (CVE-2022-26607)
vulnerability in baigo (CVE-2022-26607). Successful exploitation can lead to full system takeover.
|
| CVE-2022-26645 |
|
Unrestricted File Upload in oretnom23 (CVE-2022-26645)
vulnerability in oretnom23 (CVE-2022-26645). Successful exploitation can lead to full system takeover.
|
| CVE-2021-40904 |
|
Vulnerability in checkmk (CVE-2021-40904)
vulnerability in checkmk (CVE-2021-40904). Successful exploitation can lead to full system takeover.
|
| CVE-2021-40906 |
|
Cross-Site Scripting (XSS) in checkmk (CVE-2021-40906)
cross-site scripting in checkmk (CVE-2021-40906). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-25574 |
|
Cross-Site Scripting (XSS) in douco (CVE-2022-25574)
cross-site scripting in douco (CVE-2022-25574). Risk of unauthorized operations or information disclosure.
|
| CVE-2019-11043 KEV |
|
[KEV] Vulnerability in Php fastcgi-process-manager-fpm (CVE-2019-11043)
vulnerability in Php fastcgi-process-manager-fpm (CVE-2019-11043). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2012-1823 KEV |
|
[KEV] Vulnerability in php (CVE-2012-1823)
vulnerability in php (CVE-2012-1823). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-27245 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2022-27245)
SSRF in ssrf (CVE-2022-27245). Successful exploitation can lead to full system takeover.
|
| CVE-2022-27246 |
|
Cross-Site Scripting (XSS) in misp-project (CVE-2022-27246)
cross-site scripting in misp-project (CVE-2022-27246). Risk of unauthorized operations or information disclosure.
|
| CVE-2021-45834 |
|
Unrestricted File Upload in opendocman (CVE-2021-45834)
vulnerability in opendocman (CVE-2021-45834). Successful exploitation can lead to full system takeover.
|
| CVE-2021-44087 |
|
Vulnerability in attendance-and-payroll-system-project (CVE-2021-44087)
vulnerability in attendance-and-payroll-system-project (CVE-2021-44087). Successful exploitation can lead to full system takeover.
|
| CVE-2022-24618 |
|
Vulnerability in c (CVE-2022-24618)
vulnerability in c (CVE-2022-24618). Successful exploitation can lead to full system takeover.
|
| CVE-2022-24512 |
|
Code Injection in Microsoft.NETCore.App.Runtime.linux-arm (CVE-2022-24512)
code injection in Microsoft.NETCore.App.Runtime.linux-arm (CVE-2022-24512). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `6.0.3` or later.
|
| CVE-2022-24464 |
|
Vulnerability in Microsoft.AspNetCore.App.Runtime.linux-arm (CVE-2022-24464)
vulnerability in Microsoft.AspNetCore.App.Runtime.linux-arm (CVE-2022-24464). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `6.0.3` or later.
|
| CVE-2022-25018 |
|
Code Injection in pluxml (CVE-2022-25018)
code injection in pluxml (CVE-2022-25018). Successful exploitation can lead to full system takeover.
|
| CVE-2021-37504 |
|
Cross-Site Scripting (XSS) in hayageek (CVE-2021-37504)
cross-site scripting in hayageek (CVE-2021-37504). Risk of unauthorized operations or information disclosure.
|
| CVE-2021-4090 |
|
Out-of-Bounds Write in c (CVE-2021-4090)
out-of-bounds write in c (CVE-2021-4090). Confidential information can be exposed externally.
|
| CVE-2022-22901 |
|
Vulnerability in c (CVE-2022-22901)
vulnerability in c (CVE-2022-22901). Risk of unauthorized operations or information disclosure.
|
| CVE-2021-45416 |
|
Cross-Site Scripting (XSS) in rosariosis (CVE-2021-45416)
cross-site scripting in rosariosis (CVE-2021-45416). Risk of unauthorized operations or information disclosure.
|
| CVE-2021-46115 |
|
Unrestricted File Upload in c (CVE-2021-46115)
vulnerability in c (CVE-2021-46115). Successful exploitation can lead to full system takeover.
|
| CVE-2021-25296 KEV |
|
[KEV] OS Command Injection in nagios (CVE-2021-25296)
OS command injection in nagios (CVE-2021-25296). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2021-25297 KEV |
|
[KEV] OS Command Injection in nagios (CVE-2021-25297)
OS command injection in nagios (CVE-2021-25297). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2021-25298 KEV |
|
[KEV] OS Command Injection in nagios (CVE-2021-25298)
OS command injection in nagios (CVE-2021-25298). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2021-44832 |
|
Vulnerability in org.apache.logging.log4j:log4j-core (CVE-2021-44832)
vulnerability in org.apache.logging.log4j:log4j-core (CVE-2021-44832). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2.17.1` or later.
|
| CVE-2020-20426 |
|
Cross-Site Scripting (XSS) in s-cms (CVE-2020-20426)
cross-site scripting in s-cms (CVE-2020-20426). Risk of unauthorized operations or information disclosure.
|
| CVE-2021-42216 |
|
A Broken or Risky Cryptographic Algorithm exists in AnonAddy 0.8.5 via VerificationController.php.
A Broken or Risky Cryptographic Algorithm exists in AnonAddy 0.8.5 via VerificationController.php.
|
| CVE-2018-10228 |
|
Cross-Site Scripting (XSS) in limesurvey (CVE-2018-10228)
cross-site scripting in limesurvey (CVE-2018-10228). Risk of unauthorized operations or information disclosure.
|
| CVE-2021-43687 |
|
Cross-Site Scripting (XSS) in chamilo (CVE-2021-43687)
cross-site scripting in chamilo (CVE-2021-43687). Risk of unauthorized operations or information disclosure.
|
| CVE-2021-22204 KEV |
|
[KEV] Vulnerability in Perl exiftool (CVE-2021-22204)
vulnerability in Perl exiftool (CVE-2021-22204). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2021-25877 |
|
Code Injection in youphptube (CVE-2021-25877)
code injection in youphptube (CVE-2021-25877). Successful exploitation can lead to full system takeover.
|
| CVE-2021-37223 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2021-37223)
SSRF in ssrf (CVE-2021-37223). Confidential information can be exposed externally.
|
| CVE-2021-40639 |
|
Vulnerability in jflyfox (CVE-2021-40639)
vulnerability in jflyfox (CVE-2021-40639). Confidential information can be exposed externally.
|
| CVE-2020-20585 |
|
SQL Injection in c (CVE-2020-20585)
SQL injection in c (CVE-2020-20585). Confidential information can be exposed externally.
|
| CVE-2020-22168 |
|
SQL Injection in sqli (CVE-2020-22168)
SQL injection in sqli (CVE-2020-22168). Confidential information can be exposed externally.
|
| CVE-2021-34202 |
|
Out-of-Bounds Write in c (CVE-2021-34202)
out-of-bounds write in c (CVE-2021-34202). Successful exploitation can lead to full system takeover.
|
| CVE-2020-26679 |
|
Vulnerability in vfairs (CVE-2020-26679)
vulnerability in vfairs (CVE-2020-26679). Risk of unauthorized operations or information disclosure.
|
| CVE-2021-33425 |
|
Cross-Site Scripting (XSS) in openwrt (CVE-2021-33425)
cross-site scripting in openwrt (CVE-2021-33425). Risk of unauthorized operations or information disclosure.
|
| CVE-2020-21843 |
|
Out-of-Bounds Write in c (CVE-2020-21843)
out-of-bounds write in c (CVE-2020-21843). Successful exploitation can lead to full system takeover.
|
| CVE-2020-21834 |
|
A null pointer deference issue exists in GNU LibreDWG 0.10 via get_bmp ../../programs/dwgbmp.c:164.
A null pointer deference issue exists in GNU LibreDWG 0.10 via get_bmp ../../programs/dwgbmp.c:164.
|
| CVE-2020-21839 |
|
Vulnerability in c (CVE-2020-21839)
vulnerability in c (CVE-2020-21839). Risk of unauthorized operations or information disclosure.
|
| CVE-2020-21840 |
|
Out-of-Bounds Write in c (CVE-2020-21840)
out-of-bounds write in c (CVE-2020-21840). Successful exploitation can lead to full system takeover.
|
| CVE-2020-21827 |
|
Out-of-Bounds Write in c (CVE-2020-21827)
out-of-bounds write in c (CVE-2020-21827). Successful exploitation can lead to full system takeover.
|
| CVE-2020-21814 |
|
Out-of-Bounds Write in c (CVE-2020-21814)
out-of-bounds write in c (CVE-2020-21814). Successful exploitation can lead to full system takeover.
|